The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0353-1 advisory.
Grafana is an open source observability and data visualization platform. Versions prior to 9.1.8 and 8.5.14 are vulnerable to a bypass in the plugin signature verification. An attacker can convince a server admin to download and successfully run a malicious plugin even though unsigned plugins are not allowed.
Versions 9.1.8 and 8.5.14 contain a patch for this issue. As a workaround, do not install plugins downloaded from untrusted sources. (CVE-2022-31123)
Grafana is an open source observability and data visualization platform. Versions of Grafana for endpoints prior to 9.1.8 and 8.5.14 could leak authentication tokens to some destination plugins under some conditions. The vulnerability impacts data source and plugin proxy endpoints with authentication tokens.
The destination plugin could receive a userβs Grafana authentication token. Versions 9.1.8 and 8.5.14 contain a patch for this issue. As a workaround, do not use API keys, JWT authentication, or any HTTP Header based authentication. (CVE-2022-31130)
Grafana is an open source observability and data visualization platform. Starting with version 5.0.0-beta1 and prior to versions 8.5.14 and 9.1.8, Grafana could leak the authentication cookie of users to plugins.
The vulnerability impacts data source and plugin proxy endpoints under certain conditions. The destination plugin could receive a userβs Grafana authentication cookie. Versions 9.1.8 and 8.5.14 contain a patch for this issue. There are no known workarounds. (CVE-2022-39201)
Grafana is an open source data visualization platform for metrics, logs, and traces. Versions prior to 9.1.8 and 8.5.14 allow one user to block another userβs login attempt by registering someone elseβe email address as a username. A Grafana userβs username and email address are unique fields, that means no other user can have the same username or email address as another user. A user can have an email address as a username. However, the login system allows users to log in with either username or email address. Since Grafana allows a user to log in with either their username or email address, this creates an usual behavior where user_1
can register with one email address and user_2
can register their username as user_1
βs email address. This prevents user_1
logging into the application since user_1
βs password wonβt match with user_2
βs email address. Versions 9.1.8 and 8.5.14 contain a patch. There are no workarounds for this issue. (CVE-2022-39229)
Grafana is an open-source platform for monitoring and observability. Versions prior to 9.2.4, or 8.5.15 on the 8.X branch, are subject to Improper Input Validation. Grafana admins can invite other members to the organization they are an admin for. When admins add members to the organization, non existing users get an email invite, existing members are added directly to the organization. When an invite link is sent, it allows users to sign up with whatever username/email address the user chooses and become a member of the organization. This introduces a vulnerability which can be used with malicious intent. This issue is patched in version 9.2.4, and has been backported to 8.5.15. There are no known workarounds.
(CVE-2022-39306)
Grafana is an open-source platform for monitoring and observability. When using the forget password on the login page, a POST request is made to the /api/user/password/sent-reset-email
URL. When the username or email does not exist, a JSON response contains a user not found message. This leaks information to unauthenticated users and introduces a security risk. This issue has been patched in 9.2.4 and backported to 8.5.15. There are no known workarounds. (CVE-2022-39307)
Note that Nessus has not tested for these issues but has instead relied only on the applicationβs self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# SUSE update advisory SUSE-SU-2023:0353-1. The text itself
# is copyright (C) SUSE.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(171431);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/07/14");
script_cve_id(
"CVE-2022-31123",
"CVE-2022-31130",
"CVE-2022-39201",
"CVE-2022-39229",
"CVE-2022-39306",
"CVE-2022-39307"
);
script_xref(name:"SuSE", value:"SUSE-SU-2023:0353-1");
script_name(english:"openSUSE 15 Security Update : SUSE Manager Client Tools (SUSE-SU-2023:0353-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote openSUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the
SUSE-SU-2023:0353-1 advisory.
- Grafana is an open source observability and data visualization platform. Versions prior to 9.1.8 and
8.5.14 are vulnerable to a bypass in the plugin signature verification. An attacker can convince a server
admin to download and successfully run a malicious plugin even though unsigned plugins are not allowed.
Versions 9.1.8 and 8.5.14 contain a patch for this issue. As a workaround, do not install plugins
downloaded from untrusted sources. (CVE-2022-31123)
- Grafana is an open source observability and data visualization platform. Versions of Grafana for endpoints
prior to 9.1.8 and 8.5.14 could leak authentication tokens to some destination plugins under some
conditions. The vulnerability impacts data source and plugin proxy endpoints with authentication tokens.
The destination plugin could receive a user's Grafana authentication token. Versions 9.1.8 and 8.5.14
contain a patch for this issue. As a workaround, do not use API keys, JWT authentication, or any HTTP
Header based authentication. (CVE-2022-31130)
- Grafana is an open source observability and data visualization platform. Starting with version 5.0.0-beta1
and prior to versions 8.5.14 and 9.1.8, Grafana could leak the authentication cookie of users to plugins.
The vulnerability impacts data source and plugin proxy endpoints under certain conditions. The destination
plugin could receive a user's Grafana authentication cookie. Versions 9.1.8 and 8.5.14 contain a patch for
this issue. There are no known workarounds. (CVE-2022-39201)
- Grafana is an open source data visualization platform for metrics, logs, and traces. Versions prior to
9.1.8 and 8.5.14 allow one user to block another user's login attempt by registering someone else'e email
address as a username. A Grafana user's username and email address are unique fields, that means no other
user can have the same username or email address as another user. A user can have an email address as a
username. However, the login system allows users to log in with either username or email address. Since
Grafana allows a user to log in with either their username or email address, this creates an usual
behavior where `user_1` can register with one email address and `user_2` can register their username as
`user_1`'s email address. This prevents `user_1` logging into the application since `user_1`'s password
won't match with `user_2`'s email address. Versions 9.1.8 and 8.5.14 contain a patch. There are no
workarounds for this issue. (CVE-2022-39229)
- Grafana is an open-source platform for monitoring and observability. Versions prior to 9.2.4, or 8.5.15 on
the 8.X branch, are subject to Improper Input Validation. Grafana admins can invite other members to the
organization they are an admin for. When admins add members to the organization, non existing users get an
email invite, existing members are added directly to the organization. When an invite link is sent, it
allows users to sign up with whatever username/email address the user chooses and become a member of the
organization. This introduces a vulnerability which can be used with malicious intent. This issue is
patched in version 9.2.4, and has been backported to 8.5.15. There are no known workarounds.
(CVE-2022-39306)
- Grafana is an open-source platform for monitoring and observability. When using the forget password on the
login page, a POST request is made to the `/api/user/password/sent-reset-email` URL. When the username or
email does not exist, a JSON response contains a user not found message. This leaks information to
unauthenticated users and introduces a security risk. This issue has been patched in 9.2.4 and backported
to 8.5.15. There are no known workarounds. (CVE-2022-39307)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1172110");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1204032");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1204126");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1204302");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1204303");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1204304");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1204305");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1205207");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1205225");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1205227");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1205599");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1206470");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-31123");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-31130");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-39201");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-39229");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-39306");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-39307");
# https://lists.suse.com/pipermail/sle-security-updates/2023-February/013725.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f720260a");
script_set_attribute(attribute:"solution", value:
"Update the affected dracut-saltboot and / or spacecmd packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-39306");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/10/13");
script_set_attribute(attribute:"patch_publication_date", value:"2023/02/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/02/14");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item("Host/SuSE/release");
if (isnull(os_release) || os_release !~ "^SUSE") audit(AUDIT_OS_NOT, "openSUSE");
var os_ver = pregmatch(pattern: "^(SUSE[\d.]+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');
os_ver = os_ver[1];
if (! preg(pattern:"^(SUSE15\.4)$", string:os_ver)) audit(AUDIT_OS_NOT, 'openSUSE 15', 'openSUSE (' + os_ver + ')');
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE (' + os_ver + ')', cpu);
var pkgs = [
{'reference':'dracut-saltboot-0.1.1673279145.e7616bd-150000.1.44.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'spacecmd-4.3.18-150000.3.92.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']}
];
var ltss_caveat_required = FALSE;
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var exists_check = NULL;
var rpm_spec_vers_cmp = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (reference && _release) {
if (exists_check) {
var check_flag = 0;
foreach var check (exists_check) {
if (!rpm_exists(release:_release, rpm:check)) continue;
check_flag++;
}
if (!check_flag) continue;
}
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'dracut-saltboot / spacecmd');
}
Vendor | Product | Version | CPE |
---|---|---|---|
novell | suse_linux | 15 | cpe:/o:novell:suse_linux:15 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31123
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31130
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39201
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39229
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39306
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39307
www.nessus.org/u?f720260a
bugzilla.suse.com/1172110
bugzilla.suse.com/1204032
bugzilla.suse.com/1204126
bugzilla.suse.com/1204302
bugzilla.suse.com/1204303
bugzilla.suse.com/1204304
bugzilla.suse.com/1204305
bugzilla.suse.com/1205207
bugzilla.suse.com/1205225
bugzilla.suse.com/1205227
bugzilla.suse.com/1205599
bugzilla.suse.com/1206470
www.suse.com/security/cve/CVE-2022-31123
www.suse.com/security/cve/CVE-2022-31130
www.suse.com/security/cve/CVE-2022-39201
www.suse.com/security/cve/CVE-2022-39229
www.suse.com/security/cve/CVE-2022-39306
www.suse.com/security/cve/CVE-2022-39307